Want to Reboot server from ASPX page


  1. #1

    Want to Reboot server from ASPX page

    I am developing an ASP.NET web based service application for our product.
    I am trying to trigger a reboot of the server based on a user request.
    I believe I have all the appropriate code for AdjustingTokens etc and
    all those calls seem to succeed, however, the final call to ExitWindowsEx
    is failing with 'Access Denied'.

    In my machine.config, I have already set the userName to 'System' as I
    seem to require this for some other functionality I implemented. I also tried
    to impersonate a local user account with admin privileges via my application's
    web.config file but that failed as well with the same 'Access Denied' (by the
    way what exactly does 'impersonate' in the web.config do when the machine.config
    file already lets me specify the user as 'SYSTEM'?)

    I expect there is some other security thing that I need to twiddle ... any ideas greatly
    appreciated (with as much detail as possible, I am very new to this whole web security
    stuff).

    Thanks,

    Terry

    Terry Guest

  3. #2

    Re: Want to Reboot server from ASPX page

    Terry, first get the code to run in a normal Windows App, so you know that
    it works.
    After that, it should be a security issue, and impersonation should work,
    but you also have to switch off anonymous access to the virtual directory
    for impersonation to work.
    To ensure that your impersonation is set up correctly, add a test call
    somewhere in a form, returning the current user, and check that it is what
    you expect (not the anonymous, or ASP.NET user, etc). To get the current
    user, call
    System.Security.Principal.WindowsIdentity.GetCurrent().Name

    Chris Botha Guest

  4. #3

    Re: Want to Reboot server from ASPX page

    OK, I have verified that the shutdown related code is working fine from
    a regular app.

    How do I switch off anonymous access to the virtual directory?
    Are you talking about adding a statement like <deny user="?">
    in my web.config file or are you talking about a setting in
    the IIS Service Mgr.

    I am using a simple application based 'Forms' authentication.
    In this case if I use <identity impersonate="true" /> who would
    it be impersonating ... or in this case because I am using Forms
    authentication would I have to spell all that out like
    <identity impersonate="true" userName="abc" password="def">

    I am still a little puzzled by all this impersonate stuff ... if you do
    impersonation what is the point of setting the user='SYSTEM' in
    the machine.config file?

    Thanks,

    Terry

    Terry Guest

  5. #4

    Re: Want to Reboot server from ASPX page

    If you are using Forms authentication and have impersonation enabled, you
    are impersonating the anonymous user configured in IIS to be used for
    anonymous requests (IUSER_MACHINENAME by default).

    If you need SYSTEM privileges to do what you need to do, you must not
    impersonate the anonymous user. You could set the processModel to SYSTEM
    (like you said you did before) and that should work, as the processModel
    account is the account the request runs under when you are not
    impersonating.

    However, running under SYSTEM is generally not a good idea for other
    security reasons. It is probably a better idea to create a COM+ component
    that does the required functionality and run that with an identity with the
    correct permissions. Then, you would call that COM+ component from your
    application.

    It is hard for me to imagine why you would want to allow a remote web
    request to reboot the server, but I guess we'll help you do that if that's
    what you want...

    Joe K.

    Joe Kaplan (MVP - ADSI) Guest
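
The COM+ approach recommended in the reply above, as an added C# example that is not code from the thread or its participants: the restart lives in a separate server-activated component, so the ASP.NET worker process can keep a low-privilege account. The names `RebootBroker` and `RebootOperators`, the event source and the 60-second delay are hypothetical; it assumes a strong-named assembly registered with regsvcs.exe, a COM+ application identity that holds the "Shut down the system" user right, and an event source created at install time.

```csharp
using System;
using System.Diagnostics;
using System.EnterpriseServices;
using System.IO;
using System.Runtime.InteropServices;

[assembly: ApplicationName("RebootBroker")]  // hypothetical application name
// Server activation: the component runs in its own dllhost.exe under the
// identity configured for the COM+ application, not in the ASP.NET worker.
[assembly: ApplicationActivation(ActivationOption.Server)]
// Enable COM+ role-based access checks at process and component level.
[assembly: ApplicationAccessControl(true,
    AccessChecksLevel = AccessChecksLevelOption.ApplicationComponent)]

namespace RebootBrokerSample
{
    [ComVisible(true)]
    [ComponentAccessControl(true)]
    [SecurityRole("RebootOperators")]  // hypothetical role, populated by an admin
    public class RebootBroker : ServicedComponent
    {
        // The only operation exposed: a delayed restart with a fixed command
        // line. Caller input never reaches the process arguments.
        public void RequestReboot(string reason)
        {
            SecurityCallContext call = SecurityCallContext.CurrentCall;
            if (!call.IsSecurityEnabled || !call.IsCallerInRole("RebootOperators"))
                throw new UnauthorizedAccessException("Caller is not in RebootOperators.");

            // Audit who asked before acting. DirectCaller is the Windows
            // account of the calling process or impersonated thread.
            string caller = call.DirectCaller.AccountName;
            EventLog.WriteEntry("RebootBroker",
                "Restart requested by " + caller + ": " + reason,
                EventLogEntryType.Warning);

            // Full path to shutdown.exe avoids resolving it via the search path.
            string exe = Path.Combine(Environment.SystemDirectory, "shutdown.exe");
            ProcessStartInfo psi = new ProcessStartInfo(exe, "/r /t 60");
            psi.UseShellExecute = false;
            Process.Start(psi);
        }
    }
}
```

COM+ sees only the Windows account that makes the call, so the Forms-authenticated user still has to be authorized by the web application before it calls `RequestReboot`.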

  6. #5

    Re: Want to Reboot server from ASPX page

    Hi Terry,

    Did you figure out a solution for this?
    I want to reboot my server via ASPX also.

    Regards



    DotNetJunkies User Guest
